Changeset bd6591f in mod_gnutls for doc/mod_gnutls_manual.mdwn


Ignore:
Timestamp:
Jul 5, 2017, 12:48:44 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, proxy-ticket, upstream
Children:
f4deac5
Parents:
a2b4ab6
Message:

Update documentation of the GnuTLSDHFile option

File:
1 edited

Legend:

Unmodified
Added
Removed

  • doc/mod_gnutls_manual.mdwn

    ra2b4ab6 rbd6591f  
    178178### GnuTLSDHFile
    179179
    180 Set to the PKCS \#3 encoded Diffie Hellman parameters
     180Use the provided PKCS \#3 encoded Diffie-Hellman parameters
    181181
    182182    GnuTLSDHFile FILEPATH
     
    185185Context: server config, virtual host
    186186
    187 Takes an absolute or relative path to a PKCS \#3 encoded DH
    188 parameters.Those are used when the DHE key exchange method is enabled.
    189 You can generate this file using `certtool --generate-dh-params --bits
    190 2048`.  If not set `mod_gnutls` will use the included parameters.
     187By default, `mod_gnutls` uses the DH parameters included with GnuTLS
     188corresponding to the security level of the configured private keys if
     189compiled with GnuTLS 3.5.6 or newer, and the ffdhe2048 DH group as
     190defined in RFC 7919, Appendix A.1 otherwise.
     191
     192If you need to use different DH parameters, you can provide a PEM file
     193containing them in PKCS \#3 encoding using this option. Please see the
     194"[Parameter
     195generation](https://gnutls.org/manual/html_node/Parameter-generation.html)"
     196section of the GnuTLS documentation for a short discussion of the
     197security implications.
    191198
    192199### GnuTLSPriorities
Note: See TracChangeset for help on using the changeset viewer.